How useful is WordPress strong password generator, practically?

How useful is WordPress strong password generator, practically

I was not using WordPress actively until today. I have a few clients I helped built websites using the WordPress CMS platform and I had to do some maintenance on them. And yes, I also had to create some new users for one of the client (non technical client is an over statement here. Never mind, why I had to do it for them. ) . Then I stumbled upon the WordPress's new "Strong password auto generator", that, as the name implies, generates a strong password for a user in WordPress. 

I googled and I came across this post on (Passwords in 4.3: Strong by Default) where it says:

One of the development efforts in the WordPress 4.3 cycle was improving the way that passwords are chosen and changed. Before, people had to start from scratch when choosing a password. They were presented with an empty box, and had to use a really terrible tool for generating secure passwords: the human brain.

So, apparently, the "human brain" is a terrible tool and is culprit for weak passwords!

Well, I don't agree with the first part but I have to agree with the second part of the above sentence. Because, if we want to secure our accounts, be it WordPress or our computer or online banking accounts, setting a strong password is a must. But more often than not, people set weak passwords. I suppose it is so because, most users want to "keep it simple" undermining the importance of keeping strong passwords or they do not know how to create strong passwords or just simply lazy. "Don't wanna put too much pressure on the brain to make a strong password and then to remember it", I may think if I was one.  Anyways, it is very important that we set strong passwords for any accounts.

WordPress strong password generator:

Now that we have discussed the importance of setting strong passwords, let get back to the topic. WordPress have included "strong password generator" from WordPress version 4.3.  Kudos to the WordPress team for strongly thinking about security.

You will now see "Generate Password" button when editing a profile and "show password" when adding a new user. And you will see a very strong password, which looks something like this:

wordpress show password generator

WordPress strong password generator

Is WordPress's strong password generator useful?
We understand the importance of strong passwords and it's good to know that WordPress also feels the same way and did what they had to, and included a "strong password" generator. 

Now the question is - "Is the strong password generator any good, practically?"

Before wasting a lot of time discussing on this, let me get back to the story I started this post with, that is, creation of new user accounts for a client. So, I clicked "Add a new user" and a little down the page, next to the label "New Password", there was a button "Show Password". I clicked on the "Show password" and displayed as the password is a string of 24 characters with numbers, uppercase and lower case letters, special characters - you know, all the required characters of strong password! Great!

But then I thought, "Can I give this password to the client?" Definitely not! They'll go crazy! And even if we keep the same password generated, the password is so strong that remembering is not an option. So they might end up writing it down or save it on some notepad or sticky note somewhere, which negate the whole objective of setting up a strong password in the first place. So I changed and set a strong password, yet simpler one enough to remember. If they don't like this password I changed to, the client always has the option to reset the password that is easy to remember yet a strong one, just as a always advise them, provided they aren't lazy to.

So, even though a strong password is desires, and the WordPress password generator does indeed generates a strong password, the thing is that it is too random to remember. Users may instead end up writing down or saving them to notepads etc. which is also not safe. Imagine strong password written down?

The above discussion is just an opinion and I think instead of random password generators, it is best if one would take some time to learn how to create strong password yet easy to remember.

Here are some simple tips to create strong passwords:

Strong passwords can be created with a little bit of effort by mixing thing up. And the longer passwords are the better. But the ultimate agenda is that it should be easy to remember it!

A few things to avoid when creating passwords:
  • Avoid names, places and common dictionary words
  • Avoid using your birthdays or family members birth dates
  • Avoid using names of objects or things that are commonly known about you or your family members. Such as your first car, spouse's name, girlfriend / boyfriend's name or school name or pet dog, or anything else.
  • Avoid sequence of numbers of letters. Such as 123456 or abcdef or qwerty pr password etc.
Some weak passwords:
  • Password, Passw0rd, P@55w0rd
  • Qwerty123, admin123, admin@123, admin
  • Letmein, L3tm31n, Comein, C0m31n
  • and similar others.
Some seems complex due to the mix of numbers and special characters, but they are very common ones. So such password are easy to guess and try.

A few tips to create strong passwords:
  • Make password considerably long (Minimum 8 characters. The longer it is the harder it is to crack) 
  • Mix it up (use Uppercase letters, lowercase letters, numbers and special characters)
  • Use numbers instead of alphabets 
    • 1 instead of e, 3 instead of e, 5 instead of s, 7 instead of L, 0 instead of O
  • Use special characters instead of alphabets
    • ! instead of i, @ instead of a, $ instead of s, & instead of N
  • Make passwords out of  make up phrases or from nursery rhymes or favorite lines from a song or movie
    • Here comes the rain: H3r3c0m3$th3r@1n
    • Stones in my boots : St0n3$1nmyb00t$
    • Ghost who walks : Gh0$twh0w@lk$
By applying the simple tricks above, we can create strong passwords, yet passwords that are easy to remember.

Comment with Facebook